[HackerNews] Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in “UAParser.js,” a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to remove three rogue packages that were found to mimic the same library.
The supply-chain attack targeting the open-source library saw three

Source: The Hacker News

You might be interested in …

[TheRecord] STARTTLS implementations in email clients & servers plagued by 40+ vulnerabilities

A group of German academics said they discovered more than 40 security flaws in the implementation of the STARTTLS feature in today’s most popular email clients and email servers. Also known as Opportunistic TLS, STARTTLS refers to a set of protocol extensions used by email clients and servers to upgrade older email protocols like POP3, IMAP, and SMTP […]


[SecurityWeek] 4-Hour Time-to-Ransom Seen in Quantum Attack as Accelerated Ransomware Increasingly Common

As part of a recent cyberattack, threat actors deployed ransomware less than four hours after compromising the victim’s environment, according to researchers with The DFIR Report.

Source: SecurityWeek RSS Feed


[ThreatPost] Kaseya Patches Zero-Days Used in REvil Attacks

The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.

Source: Threatpost
